Netgate Discussion Forum

    nat some addresses in ipsec tunnel

      gregoire

      Hello everyone,

      I'm trying to achieve a configuration on pfSense (2.5.2):

      Site A and Site B are going to be connected with site to site VPN connection using IPSEC

      Site A is using 2 subnets : 192.168.1.0/24 and 192.168.10.0/24

      Site B is using for the tunnel a special subnet 205.XXX.XXX.XXX/29

      Site B requires Site A to NAT some addresses in both subnets (10.0/24 and 1.0/24) with addresses in another subnet 10.XXX.XXX.XXX/28

      It's the first time I'm confronted with this situation; I've tried using outbound NAT with interface IPSEC like this:

      NAT OUTBOUND

      Source : Network 192.168.1.50/32 (example)

      destination : network 205.XXX.XXX.XXX/28

      translation : Other address: corresponding to the address given by site B in 10.XXX.XXX.XXX/28

      IPSEC configuration : Phase 2 :

      Local network : 192.168.0.0/20 to encapsulate both /24 subnets

      NAT BINAT : network 10.XXX.XXX.XXX/28

      remote network : 205.XXX.XXXX.XXX/29

      (tunnel is up)

      But it's not working apparently ...

      Any ideas or conf ?

      thank you

        viragomann @gregoire

        @gregoire
        This can only be done with BINAT in P2.
        However, it either requires that the local network and the NAT network have equal subnet sizes or that the translation network is a single address.

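The size rule from the reply above, applied to the Phase 2 values in the question, as an added example that is not part of either post or of pfSense itself. The 10.0.0.0/28 NAT network and the 192.168.1.48/28 local network are constructed placeholders for the addresses the thread elides, and the host-for-host offset mapping for equal-size networks is an assumption about how the 1:1 translation pairs addresses.

```python
import ipaddress

def binat_mode(local, nat):
    """Classify a Phase 2 Local Network / NAT/BINAT pair by the size rule."""
    local_net = ipaddress.ip_network(local)
    nat_net = ipaddress.ip_network(nat)
    if nat_net.prefixlen == nat_net.max_prefixlen:
        return "many-to-one"      # translation is a single address
    if local_net.prefixlen == nat_net.prefixlen:
        return "one-to-one"       # equal subnet sizes
    return "invalid"              # sizes differ and NAT is not a single address

def translate(host, local, nat):
    """Return the address a local host would present inside the tunnel."""
    local_net = ipaddress.ip_network(local)
    nat_net = ipaddress.ip_network(nat)
    addr = ipaddress.ip_address(host)
    mode = binat_mode(local, nat)
    if mode == "invalid":
        raise ValueError(f"{local} and {nat} differ in size; BINAT cannot pair them")
    if addr not in local_net:
        raise ValueError(f"{host} is outside the local network {local}")
    if mode == "many-to-one":
        return nat_net.network_address
    # Assumption: equal-size networks map host-for-host, keeping the host bits.
    offset = int(addr) - int(local_net.network_address)
    return nat_net.network_address + offset

if __name__ == "__main__":
    NAT_NET = "10.0.0.0/28"       # constructed placeholder for 10.XXX.XXX.XXX/28
    # The pairing from the question: a /20 local network against a /28.
    print(binat_mode("192.168.0.0/20", NAT_NET))
    # A /28 local network (constructed) containing the example host 192.168.1.50.
    print(translate("192.168.1.50", "192.168.1.48/28", NAT_NET))
    # A single translation address (constructed) hides the whole /20 behind it.
    print(translate("192.168.10.7", "192.168.0.0/20", "10.0.0.5/32"))
```
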
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.